A CLI tool for Unix-like environments to encrypt a RTTY session using NaCl
Project description
rtty-soda
A CLI tool for Unix-like environments to encrypt a RTTY session using NaCl.
Features
- Public Key encryption (Curve25519-XSalsa20-Poly1305)
- Secret Key encryption (XSalsa20-Poly1305)
- Key derivation (Argon2id-Blake2b)
- Text compression (brotli, zstd, zlib, bz2, lzma)
- Custom encodings:
- Base10 (Decimal)
- Base26 (Latin)
- Base31 (Cyrillic)
- Base36 (Latin with numbers)
- Base64 (RFC 4648)
- Base94 (ASCII printable)
- Binary
Installation
Package manager
- Install uv
- Install rtty-soda:
% uv tool install "rtty-soda[cli]" - Remove rtty-soda:
% uv tool uninstall rtty-soda
Docker
% docker run -it --rm -h rtty-soda -v .:/app/host nett/rtty-soda:0.3.13
% docker run -it --rm -h rtty-soda -v .:/app/host nett/rtty-soda:0.3.13-tools
Getting help
All commands have [-h | --help] option.
% soda
Usage: soda [OPTIONS] COMMAND [ARGS]...
Options:
--version Show the version and exit.
-h, --help Show this message and exit.
Commands:
decrypt-password (dp) Decrypt Message (Password).
decrypt-public (d) Decrypt Message (Public).
decrypt-secret (ds) Decrypt Message (Secret).
encode Encode File.
encrypt-password (ep) Encrypt Message (Password).
encrypt-public (e) Encrypt Message (Public).
encrypt-secret (es) Encrypt Message (Secret).
genkey Generate Private Key.
kdf Key Derivation Function.
pubkey Get Public Key.
Some commands have aliases, so % soda encrypt-password ... and % soda ep ...
are equivalent.
Public Key encryption
Key generation
% soda genkey | tee alice | soda pubkey - | tee alice_pub
yne1z/r40qE3wXjeWIUInJ/lcO4+1jXH6F9nWW3u+mc=
% soda genkey | tee bob | soda pubkey - | tee bob_pub
p+SR1SY1b0FSLHtn8IP0tySLM2rPmTVPmBpIdleOWCc=
% soda genkey -h
Usage: soda genkey [OPTIONS]
Generate Private Key.
Encoding: base10 | base26 | base31 | base36 | base64 | base94 | binary
Options:
-e, --encoding TEXT [default: base64]
-o, --output-file FILE Write output to file.
-g, --group-len INTEGER [default: 0]
--line-len INTEGER [default: 80]
--padding INTEGER [default: 0]
-v, --verbose Show verbose output.
-h, --help Show this message and exit.
Encryption
Alice sends the message to Bob:
% cat message
A telegraph key is a specialized electrical switch used by a trained operator to
transmit text messages in Morse code in a telegraphy system.
The first telegraph key was invented by Alfred Vail, an associate of Samuel Morse.
(c) Wikipedia
% soda encrypt-public alice bob_pub message | tee encrypted | cut -c 1-80
fhHAyQJ/z4cdhB23jQ8lBmfadvwmJBa+OuZ13dzCsj02SMfXLhYmW9FcI3Uf9vOx0icAsPmLvGI+S1Wj
% soda encrypt-public -h
Usage: soda encrypt-public [OPTIONS] PRIVATE_KEY_FILE PUBLIC_KEY_FILE
MESSAGE_FILE
Encrypt Message (Public).
Encoding: base10 | base26 | base31 | base36 | base64 | base94 | binary
Compression: brotli | zstd | zlib | bz2 | lzma | raw
Options:
-t, --text Treat message as text (binary if not specified).
--key-encoding TEXT [default: base64]
-e, --data-encoding TEXT [default: base64]
-c, --compression TEXT [default: brotli]
-o, --output-file FILE Write output to file.
-g, --group-len INTEGER [default: 0]
--line-len INTEGER [default: 80]
--padding INTEGER [default: 0]
-v, --verbose Show verbose output.
-h, --help Show this message and exit.
Decryption
% soda decrypt-public bob alice_pub encrypted
A telegraph key is a specialized electrical switch used by a trained operator to
transmit text messages in Morse code in a telegraphy system.
The first telegraph key was invented by Alfred Vail, an associate of Samuel Morse.
(c) Wikipedia
Secret Key encryption
Alice and Bob share a key for symmetric encryption:
% soda genkey > shared
% soda encrypt-secret shared message -o encrypted
% soda decrypt-secret shared encrypted -o message
Another day, they share a password:
% echo qwerty | soda encrypt-password - message -p interactive -o encrypted
% echo qwerty | soda decrypt-password - encrypted -p interactive -o message
Key derivation
The KDF function derives the key from the password. It accepts different profiles: interactive, moderate, and sensitive.
% echo qwerty | soda kdf - -p interactive
HqbvUXflAG+no3YS9njezZ3leyr8IwERAyeNoG2l41U=
% soda kdf -h
Usage: soda kdf [OPTIONS] PASSWORD_FILE
Key Derivation Function.
Encoding: base10 | base26 | base31 | base36 | base64 | base94 | binary
Profile: interactive | moderate | sensitive
Options:
-e, --encoding TEXT [default: base64]
-p, --profile TEXT [default: sensitive]
-o, --output-file FILE Write output to file.
-g, --group-len INTEGER [default: 0]
--line-len INTEGER [default: 80]
--padding INTEGER [default: 0]
-v, --verbose Show verbose output.
-h, --help Show this message and exit.
Text compression
That works as follows:
- The plaintext is prepared:
- In binary mode (default), the message is read as bytes
- In text mode (
-t, --text), the message is read as a string, stripped, and encoded with SCSU, reducing the size of Unicode messages by 15–50%
- The plaintext is compressed with the compression lib
- The 16-byte MAC and 24-byte nonce are added
- The result is encoded with Base64, which adds ~33% overhead
% soda es shared message -t -v -c brotli > /dev/null
Plaintext: 238
Ciphertext: 216
Overhead: 0.908
Groups: 1
% soda es shared message -t -v -c zstd > /dev/null
Plaintext: 238
Ciphertext: 276
Overhead: 1.160
Groups: 1
% soda es shared message -t -v -c zlib > /dev/null
Plaintext: 238
Ciphertext: 280
Overhead: 1.176
Groups: 1
% soda es shared message -t -v -c bz2 > /dev/null
Plaintext: 238
Ciphertext: 336
Overhead: 1.412
Groups: 1
% soda es shared message -t -v -c lzma > /dev/null
Plaintext: 238
Ciphertext: 320
Overhead: 1.345
Groups: 1
% soda es shared message -t -v -c raw > /dev/null
Plaintext: 238
Ciphertext: 372
Overhead: 1.563
Groups: 1
Encoding
The rtty-soda supports various encodings:
% soda encrypt-public alice bob_pub message --data-encoding base36 --group-len 5 --text
44F8K AUMW0 QDKPJ OKUEF ZJQTG DAI2Q 224BZ CXLCU E3CXN Q46KU 610Z5 0QZYG 9ZZXB
3SOPU MG4GU 9D9B4 V738Q PWVFY O0818 U6OBJ NCSQK O86JF LOTYN IPPRK LP7UY B3Z4L
IIOTG VM33S G1912 46TLA RVDF0 U4JGI GC3V6 MO1YO ZIVOW 6P1WV NCVDV KZHDC L8CZD
YFLV5 L7VTI NPE1Y S3B91 1ILIG ATHPN PFEKK 7SBRA GL1AK KRMM7 MY3
Environment variables
Common options can be set in the environment variables:
% cat ~/.soda/bin.env
SODA_TEXT=0
SODA_KEY_ENCODING=binary
SODA_DATA_ENCODING=binary
SODA_COMPRESSION=brotli
SODA_KDF_PROFILE=sensitive
SODA_GROUP_LEN=0
SODA_LINE_LEN=0
SODA_PADDING=0
SODA_VERBOSE=0
Alternative usage
-
Password source
% echo "A line from a book or a poem" | soda kdf - -e base94 -p interactive x\R9"~8Ujh^_uh:Ty<!t(ZNzK=5w^ukew~#-x!n -
WireGuard keyer
% echo "A line from a book or a poem" | soda kdf - -p interactive -o privkey % cat privkey uIoBJdgaz8ZP3/n/9KzdUNvFi7DxbUQdQ9t8ujwGnMk= % soda pubkey privkey F2B674kXVcTznnRPWCVasx1miCT+yUtXQ3P5Ecee4zI= % cat privkey | wg pubkey F2B674kXVcTznnRPWCVasx1miCT+yUtXQ3P5Ecee4zI= -
Secure storage
% echo "A remarkable example of misplaced confidence" > sensitive_data % echo "Blessed with opinions, cursed with thought" > data_password % soda ep data_password sensitive_data -e binary -p interactive -o encrypted_data % echo "Too serious to be wise" > offset_password % soda kdf offset_password -e base10 -p interactive -g 10 | head -1 6174465709 4962164854 2541023297 3274271197 5950333784 2118297875 9632383288 % sudo dd if=./encrypted_data of=/dev/sdb1 bs=1 seek=6174465709 85+0 records in 85+0 records out 85 bytes transferred in 0.005787 secs (14688 bytes/sec)
Compatibility
During the initial development (versions prior to 1.0.0), I can break backwards compatibility.
Releases
This project follows a rolling release cycle. Each version bump represents where I completed a full test cycle. When testing passes successfully, I commit and release - so every release is a verified stable point.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
rtty_soda-0.3.13.tar.gz
(12.5 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file rtty_soda-0.3.13.tar.gz.
File metadata
- Download URL: rtty_soda-0.3.13.tar.gz
- Upload date:
- Size: 12.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.26 {"installer":{"name":"uv","version":"0.9.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d3ca47a3d591ee23b57d7afb80aa811b5c2c6340cb76378f264701e6d1f43318
|
|
| MD5 |
2b8231265f596325a6f418113221836c
|
|
| BLAKE2b-256 |
04796a4e9d1e9cecbce4a63ae31a9c72619c0b02fb8fb6032db6e41a80d6bd88
|
File details
Details for the file rtty_soda-0.3.13-py3-none-any.whl.
File metadata
- Download URL: rtty_soda-0.3.13-py3-none-any.whl
- Upload date:
- Size: 21.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.26 {"installer":{"name":"uv","version":"0.9.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a871234b029c20b68307b2ce080ff1bb2c844398fa0c6ebf9019c197f2c785d7
|
|
| MD5 |
43f2a30c67f56b3f7ea1b2b6d471de61
|
|
| BLAKE2b-256 |
9b454145be0adb44450c9ceee7885dab00dd51052f79a9128ef0f81ed306baf3
|
